How to Optimize Payments with 3D Secure

Learn how to optimize 3DS and provide maximum security to your customers while delivering a great and effective checkout experience.

How to Optimize Payments with 3D Secure

The European Union Strong Customer Authentication (SCA) standards are now mandatory for all European online transactions. SCA was introduced to protect consumers from fraud as part of the EU’s Payment Security Directive 2 (PSD2) regulations.


To comply with the regulations, all card issuers and banks must add two-factor authentication for all card payments made by EU-based shoppers. Some exemptions may apply, but merchants shouldn’t rely on them when accepting online payments in Europe. 


Under the previous regulations governing payment security in Europe, a protocol known as 3D Secure 1.0 (3DS 1.0) was used to verify digital payments. The new regulations require an updated version of the protocol called 3D Secure 2.0, which makes it easier for financial institutions to collect and process customer payment information following SCA requirements. This enables e-commerce companies to achieve the highest approval rates and reduce the risk of a transaction being declined due to non-compliance. 


Many merchants believe that the more security checks there are in the checkout flow, the more likely there are to be technical issues and the less likely customers are to complete their purchase. However, implementing 3DS doesn’t have to negatively impact online transactions – in fact, when integrated correctly and well-optimized, 3DS can enhance the customer experience. 


Read this article to learn how to optimize 3DS and provide maximum security to your customers while delivering a great checkout experience.


Table of contents:

How does 3DS work?

What does the 3DS flow look like?

3D Secure: A trade-off between convenience and security?

How to optimize 3D security for higher conversion rates

Summary: Optimize 3DS 2 to enhance customer experience


How does 3DS work?

3D Secure 2.0 (3DS 2.0) is a protocol designed to improve the exchange of online transaction data and protect consumers. It is an improved version of the original “Three Domain Secure” (3DS) authentication used by card issuers and acquirers in accordance with specific card schemes such as MasterCard and Visa. 3DS 2 safeguards against potential fraud and chargebacks.


3DS works based on a three-domain model:

  • Banks and businesses that accept credit card payments (acquirer domains), 
  • The environment of the issuing bank, where the card is being used (the issuer domain), 
  • Systems that enable the 3DS process by letting parties involved in the transaction communicate and exchange information (the interoperability domain). 


All of these parties engaged in a transaction are authenticated using digital certificates via Secure Sockets Layer (SSL) protocol and Extensible Markup Language (XML) messages.

What does the 3DS flow look like?

When a buyer inserts their card information, the merchant receives their request and enrolls them via a three-desired-step flow. 


Once the issuer receives a payment request, they can review contextual data, including the type of product within the purchase, the buyer’s shipping location, device type, etc. 


At this point, the issuer might deem the information sufficient to approve or deny the transaction. Otherwise, they may request the buyer to prove their identity with additional information such as face recognition or fingerprints. The issuer decides which challenge the customer needs to perform – face recognition, fingerprinting, or a one-time verification code. 


Finally, after providing the requested information in the validation step, the issuer approves or denies the transaction.


(3D Secure support graphic – What is 3D Secure 2.0 and how does PayU support merchants to comply with 3DS).

What is 3D Secure 2.0 and how does PayU support merchants to comply with 3DS

3D Secure: A trade-off between convenience and security?

As with any security measure, 3DS 2 is not free from disadvantages. In Europe, the challenges of 3DS implementation arise primarily from the failure to complete payment flows. Many banks lack some requirements, such as responsive web design, two-factor authentication, and other technological conditions significantly affecting customer experience. For instance, such organizations are required to perform two-step authentication flows, which means that a one-time passcode is insufficient and requires an additional step. The added step turns out to be tricky: even the most advanced banks – ones that have implemented the two-stage verification – lose a hefty percentage of transactions due to 3DS.

Failure to meet these requirements has plummeted conversion rates by 3.5%.


As expected, 3DS 2 poses challenges to the customer experience as well. The new requirements may be unfamiliar to many customers initially, potentially increasing abandoned carts at checkout and impacting approval rates. 


In fact, if we examine the particular causes of 3DS rejection, we can identify two major defects that occur during the authentication attempt. 


1- “Timeout at ACS”

“Timeout at ACS” indicates that the message “SCA Window” appeared on the customer’s screen, but no action was performed. It accounts for 62% of all 3DS authentication error rejections (+10% from the previous year).


2- “Authentication failed”

 “Authentication failed” indicates that the user was unable to perform authentication correctly. It accounts for 21% of all 3DS error rejections (-12% compared to the previous year).


Nonetheless, the customer experience can also improve with 3DS 2. According to Visa, thanks to 3DS 2, cart abandonment will drop by 70% and checkout times by 85%. How is that possible? For trusted transactions, payment service providers can enable a frictionless payment journey without asking customers to provide any additional authentication. For any payments that are deemed riskier, providers can ask customers to authenticate with biometrics (fingerprint or facial recognition) or one-time passwords. By using data to their advantage, they can increase approval rates for merchants and offer a seamless payment journey for the majority of transactions. 


And here’s the best part: for merchants, 3DS comes with more advantages than just security. Customers are more likely to complete purchases on a website if they feel confident that their payment information is safe. Merchants can reduce disputed transactions and boost sales by implementing 3DS, designed to eliminate sources of fraud.

PayU anti-fraud solution overview 990x640

How to optimize 3D security for higher conversion rates

Monitor and spot decreases in approval rates due to 3DS

Our analysis shows that transactions with Strong Customer Authentication (SCA) experience a significant number of rejections and may result in lower approval rates. 


PayU allows merchants to accommodate 3DS on all platforms, using payment analytics to monitor and identify decreases in approval rates due to the 3DS verification process. Such insights are crucial for businesses to keep tabs on their performance and take action if they see a drop in approval rates.


Deal with soft declines  

A soft decline occurs when a bank confirms the existence of the card but cannot approve the transaction for some reason. For example, strong customer authentication (SCA) may be required (for compliance reasons). A soft decline indicates that this transaction could be approved if the cause of the soft decline was resolved. Payment providers such as PayU assist merchants with soft declines. Indeed, if an issuer rejects a transaction that was processed without 3DS authentication, PayU resends it with 3DS authentication.


Balance security and approval rates

To get a realistic picture of transaction rejections and keep their business safe, merchants need an anti-fraud system that assesses whether transactions are potentially fraudulent or not. 


If a transaction is deemed safe, a system like PayU’s solution can carry out 3DS 2 exemption to improve the approval rates. Exemptions that can be applied are either low-value transactions (with an amount below 30€ or low risk (TRA) or transactions considered non-fraudulent by the antifraud system. 


If the system applies for the exemption, the end customer doesn’t have to undergo a strong customer authentication process. As a result, the merchant can offer a smooth and secure checkout experience, ensuring the highest level of approval rates. 


For example. PayU has optimized approval rates for more than 50 merchants in Europe saving approximately 1,000,000 transactions and over $30 million dollars.

Payment approval rates for e-commerce key facts

Summary: Optimize 3DS 2 to enhance customer experience

While SCA is still mandatory only in European countries, other markets are also becoming interested in the idea of implementing 3DS 2 to improve the security of their payments and deliver a more frictionless customer experience. This is especially relevant since cybercriminals are actively developing new methods for bypassing 3D Secure protocols to commit card-not-present (CNP) fraud. Most commonly, these methods include a combination of phishing attacks (to circumvent 3D Secure) and social engineering. Instead of betting on a direct attack, cybercriminals slowly make their way around the system and craft a social engineering campaign meant to trick consumers into handing over sensitive information such as their card numbers or bank account information.


While security is a key part of e-commerce payments and can today be successfully addressed by modern anti-fraud solutions, businesses need to balance safety and performance. That is why it’s paramount for e-commerce merchants to partner with a high-quality payments provider that will help them to carry out payments securely and optimize security measures such as 3DS 2 to achieve higher approval rates and grow their business.